What is the difference between html() and escape()

These are both field methods that purport to clean up text to make it safe HTML. I don’t understand what the difference between them is, anyone else?
html() http://getkirby.com/docs/cheatsheet/field-methods/html
escape() http://getkirby.com/docs/cheatsheet/field-methods/escape

The difference is very minimal. escape() is a bit stricter than html() and makes sure that in no way any HTML can get into a JavaScript execution context or modify the page behavior in any way (it converts single AND double quotes, while html() only converts double quotes). Normally html() is just fine, escape() is useful if you are dealing with user-generated data.


@bastianallgeier: The documentation currently lacks references to the actual Toolkit methods that are responsible for stuff like this. I think that these interconnections would be great for people who want to understand how Kirby works.

Thanks @lukasbestle !

It seems escape() will also escape HTML-relevant characters like < and >, while html() leaves them untouched.

If you ask me, just use escape() everywhere you output data in your HTML. It is specifically designed to save your HTML from breaking.
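
Added example, not part of any post above and not Kirby's code: the thread's point about converting only double quotes versus both quote styles, shown with PHP's built-in `htmlspecialchars()`. The helper names and the sample value are assumptions made for this illustration; the script checks whether a value survives intact inside a double-quoted and a single-quoted attribute.

```php
<?php
// Added illustration. The two encoders are hypothetical stand-ins built on PHP's
// htmlspecialchars(); they are not Kirby's html() or escape() implementations.

function encode_double_only(string $s): string {
    // ENT_COMPAT: converts & < > and " but leaves ' as it is
    return htmlspecialchars($s, ENT_COMPAT | ENT_SUBSTITUTE, 'UTF-8');
}

function encode_both_quotes(string $s): string {
    // ENT_QUOTES: converts & < > " and ' (the latter as &#039;)
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Parse the markup and return the value attribute the HTML parser actually sees.
function parsed_value(string $markup): ?string {
    $doc = new DOMDocument();
    $doc->loadHTML($markup, LIBXML_NOERROR | LIBXML_NOWARNING);
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input instanceof DOMElement ? $input->getAttribute('value') : null;
}

// Constructed sample: ordinary text containing both quote styles and angle brackets.
$value = 'Pat\'s "demo" <draft>';

foreach (['encode_double_only', 'encode_both_quotes'] as $encoder) {
    foreach (['"', "'"] as $quote) {
        // The template author picks the attribute quote style; the encoder must cover it.
        $markup = '<input value=' . $quote . $encoder($value) . $quote . '>';
        $intact = parsed_value($markup) === $value;
        printf(
            "%-20s %s-quoted attribute: %s\n    %s\n",
            $encoder,
            $quote === '"' ? 'double' : 'single',
            $intact ? 'value intact' : 'value cut off at the quote',
            $markup
        );
    }
}
```

The same check can be pointed at any other encoder by adding its function name to the list in the outer loop.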